When you’re under attack, every second counts. Time to mitigation is critical for service providers because Fast Flood attacks can ramp up to multi-hundred gigabits in size in a matter of seconds, and have the potential to cause significant collateral damage across a provider network. In 2014, the DDoS landscape has been dominated by these very large attacks that leverage reflection/amplification capabilities within such network elements as DNS, NTP and more recently Simple Service Discovery Protocol (SSDP). Through the end of the third quarter, Arbor has seen more than 130 attacks larger than 100Gbps, a dramatic spike in the frequency of volumetric attacks compared to previous quarters.
“The majority of the world’s service providers rely on the Peakflow SP platform for network intelligence and DDoS protection. More than sixty providers utilise the Peakflow SP platform to also offer DDoS managed services to their customers. Our continued innovation in the area of DDoS attack detection and mitigation has duel benefits for our service provider customers, helping protect their own infrastructure while also improving their ability to deliver DDoS managed security offerings,” said Arbor Networks President Matthew Moynahan.
Arbor Networks Peakflow Portfolio
Many of the world's leading cloud, hosting and service providers rely on Arbor's Peakflow DDoS protection platform to proactively fend off malicious threats such as botnets and volumetric and application-layer distributed denial of service (DDoS) attacks, while strengthening the availability and quality of their services.
The Peakflow SP platform includes two main components, Peakflow and the Peakflow Threat Management System. Peakflow combines network-wide anomaly detection and traffic engineering with the Peakflow Threat Management System’s carrier-class threat management, which automatically detects and surgically removes only attack traffic, while maintaining other business traffic. With the ability to mitigate only the attack traffic, customer-facing services remain available while providers actively mitigate attacks. The Peakflow SP platform also powers many of the world's leading cloud-based DDoS managed security services.
New Features in Peakflow 7.0
Built-in SSL Inspection to Block Encrypted Attacks
As the Internet evolves to increasingly rely on SSL encryption, DDoS attacks have also evolved to encrypt malicious traffic and evade defenses. The Peakflow Threat Management System now includes an optional on-box SSL acceleration card to deliver an integrated, one-appliance solution to inspect encrypted traffic for DDoS threats. DDoS attacks are blocked in real time as normal traffic passes uninterrupted – all without forcing changes to existing network and application infrastructure.
New and Improved Attack Countermeasures
The Peakflow Threat Management System now includes enhanced threat protection delivered as part of the ATLAS® Intelligence Feed. Arbor Peakflow 7.0 delivers an improved set of countermeasures designed to stop the most advanced HTTP, DNS, and TCP connection attacks. Two new countermeasures included in this release provide enhanced protection against flooding and server exhaustion attacks.
Enhanced Workflow, Reporting and Analysis
Redesigned DDoS attack alert dashboards now include substantial new data analysis for DDoS attacks, including geographic information (what countries attacks are coming from), network information (which networks the attacks are coming from), and automatic identification of major attack patterns to enable operators to quickly and easily identify the attack and understand how to block it.
Peakflow’s unmatched ability to provide pervasive network visibility and analysis has gotten even better as users can utilise powerful new reporting features which enable them to slice massive amounts of Peakflow data in ways that are meaningful to security teams, their marketing departments, product managers or their executives. In other words, it adds the “User Dimension” to reporting and analysis.